src/Security/Voter/PointsCatalog/CatalogOrderVoter.php line 17

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\PointsCatalog;
  5. use App\Entity\Garages\Garage;
  6. use App\Entity\PointsCatalog\CatalogOrder;
  7. use App\Entity\Province;
  8. use App\Entity\User;
  9. use App\Enum\MenuRolesAssociatedEnum;
  10. use App\Enum\MenuRolesManagerEnum;
  11. use App\Enum\UserRolesEnum;
  12. use App\Enum\VotersEnum;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  15. use Symfony\Component\Security\Core\Security;
  17. class CatalogOrderVoter extends Voter
  18. {
  19.     private Security $security;
  20.     private array $voters;
  22.     public function __construct(Security $security)
  23.     {
  24.         $this->security $security;
  25.         $this->voters = [
  26.             VotersEnum::LIST_CATALOG_ORDER,
  27.             VotersEnum::VIEW,
  28.             VotersEnum::DELETE,
  29.             VotersEnum::PROCESS,
  30.             VotersEnum::REOPEN,
  31.             VotersEnum::EXPORT_CATALOG_ORDER,
  32.         ];
  33.     }
  35.     protected function supports(string $attribute$subject): bool
  36.     {
  37.         // first check the $subject and last if the $attribute is supported,
  38.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  39.         if ($subject && !$subject instanceof CatalogOrder) {
  40.             // only vote on these objects
  41.             return false;
  42.         }
  43.         if (in_array($attribute$this->voters)) {
  44.             // if the attribute is one we support
  45.             return true;
  46.         }
  48.         return false;
  49.     }
  51.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  52.     {
  53.         $user $token->getUser();
  54.         if (!$user instanceof User) {
  55.             // the user must be logged in; if not, deny access
  56.             return false;
  57.         }
  58.         switch ($attribute) {
  59.             case VotersEnum::LIST_CATALOG_ORDER:
  60.                 return $this->canList();
  61.             case VotersEnum::VIEW:
  62.                 return $this->canView($subject$user);
  63.             case VotersEnum::DELETE:
  64.                 return $this->canDelete($subject$user);
  65.             case VotersEnum::PROCESS:
  66.                 return $this->canProcessOrder($subject);
  67.             case VotersEnum::REOPEN:
  68.                 return $this->canReopenOrder($subject);
  69.             case VotersEnum::EXPORT_CATALOG_ORDER:
  70.                 return $this->canExport();
  71.         }
  73.         throw new \LogicException('This code should not be reached!');
  74.     }
  76.     private function canList(): bool
  77.     {
  78.         return $this->isAdminUser()
  79.             || $this->isCoordinatorUser()
  80.             || $this->isAssociatedManagerUser()
  81.             || $this->isAssociatedUser();
  82.     }
  84.     private function canView(CatalogOrder $catalogOrderUser $user): bool
  85.     {
  86.         return $this->isAdminUser()
  87.             || $this->isCoordinatorUser()
  88.             || $this->isAssociatedManagerUser()
  89.             || ($this->isAssociatedUser() && $this->isOwner($catalogOrder$user));
  90.     }
  92.     private function canDelete(CatalogOrder $catalogOrderUser $user): bool
  93.     {
  94.         return $this->isOwner($catalogOrder$user) && $catalogOrder->isPending();
  95.     }
  97.     private function canProcessOrder(CatalogOrder $catalogOrder): bool
  98.     {
  99.         return $this->isAdminUser() && $catalogOrder->isPending();
  100.     }
  102.     private function canReopenOrder(CatalogOrder $catalogOrder): bool
  103.     {
  104.         return $this->isAdminUser() && $catalogOrder->isPending();
  105.     }
  107.     private function canExport(): bool
  108.     {
  109.         return $this->isAdminUser();
  110.     }
  112.     private function isOwner(CatalogOrder $catalogOrderUser $user): bool
  113.     {
  114.         if ($this->isAdminUser()) {
  115.             return true;
  116.         } elseif ($this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG)) {
  117.             /** @var Province $province */
  118.             foreach ($user->getWorkProvinces() as $province) {
  119.                 if ($catalogOrder->getGarage()->getAddress() && $catalogOrder->getGarage()->getAddress()->getProvince() && $province->getId() === $catalogOrder->getGarage()->getAddress()->getProvince()->getId()) {
  120.                     return true;
  121.                 }
  122.             }
  123.         } elseif ($user->hasRole(UserRolesEnum::ROLE_ASSOCIATED_LONG) || ($user->hasRole(UserRolesEnum::ROLE_ASSOCIATED_MANAGER_LONG) && !$user->hasRole(MenuRolesManagerEnum::ROLE_MENU_CATALOG_POINTS))) {
  124.             // orders make by admins take their own user id, instead of the garage user id  =/=> $result = $catalogOrder->getUser()->getId() === $user->getId();
  125.             /** @var Garage $garage */
  126.             foreach ($user->getGarages() as $garage) {
  127.                 if ($catalogOrder->getGarage()->getId() === $garage->getId()) {
  128.                     return true;
  129.                 }
  130.             }
  131.         }
  133.         return false;
  134.     }
  136.     private function isAssociatedUser(): bool
  137.     {
  138.         return $this->security->isGranted(MenuRolesAssociatedEnum::ROLE_MENU_CATALOG_POINTS_ASSOCIATED);
  139.     }
  141.     private function isAssociatedManagerUser(): bool
  142.     {
  143.         return $this->security->isGranted(UserRolesEnum::ROLE_ASSOCIATED_MANAGER_LONG);
  144.     }
  146.     private function isCoordinatorUser(): bool
  147.     {
  148.         return $this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG);
  149.     }
  151.     private function isAdminUser(): bool
  152.     {
  153.         return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_CATALOG_POINTS);
  154.     }
  155. }